Google has patched 62 vulnerabilities in Android, including two actively exploited zero-days in its April 2025 Android Security Bulletin. When we say “zero-day” we mean an exploitable software vulnerability for which there was no patch at the time of the vulnerability being exploited or published.
The term reflects the amount of time that a vulnerable organization has to protect against the threat by patching—zero days. The April updates are available for Android 13, 14, and 15. Android vendors are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for all devices immediately.
Read more…
Source: Malwarebytes Labs
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- XCSSET Update: Browser Debug Modes, Inactive Ransomware
September 4, 2020
In our first blog post that covered XCSSET, we discussed its relatively unique danger to Xcode developers and the way it took advantage of two macOS vulnerabilities to maximize what it can take from an infected machine. Our research into this incident is still ongoing, and in this blog post, we cover some other aspects of ...
- Digital Education: The cyberrisks of the online classroom
September 4, 2020
This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after schools began to transition to emergency remote learning, it ...
- CISA and FBI say they have not seen cyber-attacks this year on voter registration databases
September 2, 2020
The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation said today that they have not seen any cyber-attacks target US voter registration databases and voting systems this year. The two agencies issued a joint statement today after an article in Russian media had gone viral earlier this morning. The article, published by Russian news ...
- A Blind Spot in ICS Security: The Protocol Gateway [Part 1] – Importance of the Protocol Gateway
September 1, 2020
A protocol gateway is a small network device, also called a “protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has ...
- Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers
September 1, 2020
Users on the internet rely on domain names to find brands, services, professionals and personal websites. Cybercriminals take advantage of the essential role that domain names play on the internet by registering names that appear related to existing domains or brands, with the intent of profiting from user mistakes. This is known as cybersquatting. The ...
- Commodified Cybercrime Infrastructure – Exploring the Underground Services Market for Cybercriminals
September 1, 2020
Beyond standard underground offerings such as malware and exploit kits, cybercriminals also value having a stable hosting infrastructure that underpins all their activities. Such an infrastructure could host malicious content and the necessary components for controlling their operations (e.g., bulletproof hosting that run backend hacker infrastructure or a rented botnet of compromised machines). In many respects, ...